769 matches found
Spoofing Attack
Chromium is vulnerable to a spoofing attack. The vulnerability exists due to the inappropriate implementation in URL Formatting of the library, allowing an attacker to perform domain spoofing via a maliciously crafted HTML page...
CVE-2022-4915
Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...
DEBIAN-CVE-2022-4915
Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...
Design/Logic Flaw
Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2022-4915
CVE-2022-4915 is a Chrome/Chromium URL formatting vulnerability: improper URL handling in Chrome prior to 103.0.5060.134 allowed a remote attacker to spoof domains via a crafted HTML page. Documents consistently reference Google Chrome/Chromium and a domain-spoofing impact; desktop Chrome vers...
SUSE-SU-2023:2850-1 Security update for MozillaFirefox, MozillaFirefox-branding-SLE
This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: Changes in MozillaFirefox and MozillaFirefox-branding-SLE: This update provides Firefox Extended Support Release 115.0 ESR New: - Required fields are now highlighted in PDF forms. - Improved performance on...
Brute Force Token Secrets
superfly/tokenizer is vulnerable to brute-forcing of token secrets. The vulnerability is due to not restricting formatting in the fmt parameter to simple formatting and allowing the fmt/dst parameters to be specified at request time, leading to an attacker brute forcing secret values using...
CVE-2023-36462 Mastodon's verified profile links can be formatted in a misleading way
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 2.6.0 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker can craft a verified profile link using specific formatting to conceal arbitrary parts of the link, enabling it to appear to link to a...
PT-2023-5146 · Milesight · Milesight Ur32L
Name of the Vulnerable Software and Affected Versions: Milesight UR32L version 32.3.0.5 Description: The issue is caused by a buffer overflow vulnerability in the firewall handler set function of the Milesight UR32L router's firmware. This vulnerability can be exploited by a remote attacker to...
The vulnerability of the formatting function of the SQL parser for Python, Sqlparse, allows a hacker to cause a service failure.
The vulnerability of the formatting function of Sqlparse, the SQL parser for Python, is related to the use of a regular expression with inefficient computational complexity. Exploiting this vulnerability allows an attacker to cause service failures remotely...
Triangle MicroWorks SCADA Data Gateway Formatting String Error Vulnerability
Triangle MicroWorks SCADA Data Gateway is a SCADA data gateway product from Triangle MicroWorks, Inc. A formatting string error vulnerability exists in Triangle MicroWorks SCADA Data Gateway, which can be exploited by an attacker to execute arbitrary code and gain host privileges...
EyouCMS Cross-Site Request Forgery Vulnerability
EyouCMS (Eyou CMS) is an open source content management system (CMS) based on ThinkPHP by China's Zanzan Network Technology. A security vulnerability exists in EyouCMS v1.6.2, which originated from allowing an attacker to execute arbitrary commands by uploading a carefully...
Zyxel NBG-418N v2 Format String Error Vulnerability
The Zyxel NBG-418N v2 is a wireless router from China Hopkins Zyxel. A security vulnerability exists in the Zyxel NBG-418N v2 firmware versions prior to V1.00. A remote attacker could exploit this vulnerability to cause a denial of service DoS condition on the affected device...
[SECURITY] Fedora 37 Update: lilypond-2.24.1-1.fc37
LilyPond is an automated music engraving system. It formats music beautifully and automatically, and has a friendly syntax for its input files...
Git for Windows Format String Error Vulnerability
Git for Windows is Git's Git for Windows. A formatting string error vulnerability exists in Git for Windows version 2.40.0 and prior versions, which stems from the use of hard-coded paths to find localized messages...
Cross-site Scripting in Backdrop CMS
A stored cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type (e.g., page, post, or card) as an admin, the stored XSS payload is execute...
CVE-2023-31045
A stored cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type (e.g., page, post, or card) as an admin, the stored XSS payload is execute...